How to set up Gmail's 2-step verification with Mail on your iPhone, iPad, and Mac

After the news of Mat Honan's horrible experience of getting hacked, many of you are probably (and if not, should be!) taking extra precautions with your accounts, passwords, and general outlook on digital security. One of the big mistakes that Mat said he made was to not setting up Gmail's 2-step verification. Admittedly, this is a somewhat annoying security measure, but it's totally worth it.

iMore is here to help you every step of the way with setting it up!

What is Gmail's 2-step verification?

Gmail's 2-step verification is an optional level of security that not only requires your password, but also a passcode that gets sent to your phone via text or voice. Any computers you mark as "secure" will only require you to enter the code once every 30 days, but all other computers will require you to enter it every time.

Some apps and services do not yet support Gmail's 2-step verification. Three of those apps includes Apple's built-in Mail for iPhone, iPad, and Mac. The good news is that Gmail has provided an alternate method to increase your security -- requiring a separate, auto-generated password for each of those apps.

Like I said, initially setting up 2-step verification is a bit of a hassle, but the extra security it provides is priceless.

How to activate 2-step verification

Enter in the phone number you wish to receive the verification code at and choose whether to receive it by text or voice call.

Receive code and enter it.

Decide whether to trust the computer you're using or not. Click Next.

Read info about 2-step verification. Click Confirm.

2-step verification activation is complete! Gmail will log you out and return you to the login screen.

How to set-up passwords for iPhone, iPad, and Mac with Gmail's 2-step verification alternative

Now that Gmail 2-step authentication is up and running, you will probably immediately notice that all of your Mail clients, including your iPhone, iPad, and Mac, start giving you incorrect password errors. This is a good sign because it means your activation was a success! To access your Gmail from your iOS and Mac Mail clients, you must create separate passwords for each one.

Login to Gmail.

You will immediately be taken to screen informing you that 2-step verification has been activated and provide you with further options. The first one is to enter a backup phone number (very good idea) and the second to is get list of printable codes (I actually stored these as a secure note in Dropbox). The third one is the one we're most interested in right now; it's called "Application specific passwords". Click the Manage application specific passwords link in the lower righthand corner.

At the bottom of the screen you should see a password generator. Give a name to the password you're generating. Be as specific as necessary. For example, if both you and you wife use iPhones, share a Gmail account, and will access the account from both iPhones, make sure you give each device a separate name like "Leanna's iPhone" and "Dave's iPhone.

Former app and photography editor at iMore, Leanna has since moved on to other endeavors. Mother, wife, mathamagician, even though she no longer writes for iMore you can still follow her on Twitter @llofte.

Reader comments

How to set up Gmail's 2-step verification with Mail on your iPhone, iPad, and Mac

The biggest mistake Honan made, and the key that unlocked this whole mess, was leaving his credit card data on Amazon. That should be the warning being pounded home. Without that information none of this would have happened. It is incredible that a computer journalist in 2012, who should know the most basic security risks, would be so stupid.

You are letting Apple off far too easily here. There are dozens of ways to get the last 4 digits of a credit card besides Amazon. Most commerce sites print them in clear text on invoices. Go check your recent iTunes purchases. Apple itself prints those digits in the clear. Ordered a song at Starbucks? If somebody sees the confirmation page over your shoulder, and knows your email address, that is enough to give them access through Apple's support channels.

For Apple to trust those 4 digits as proof of identity is inexcusable.

User beware: if you change your cell phone number, you'll create havoc. If you have to use this verification, Google will keep sending the codes to the old number and there is no way in hell to get back to Google to change your cell phone number. This happened to me and I gave up with Google's shit support, so I had to create another Gmail account. Just avoid this if possible.

Just one example why you definitely should set up a backup phone number as well as a save the printable codes (at least one of them) somewhere. If I had a safe, I'd print them and keep them in there. Even keeping them in your wallet would be fine. Especially if they aren't labeled as google codes since Google requires both a code and password.

The problem was that you couldn't even get to log back in, no matter what you had. There were no places to put the code to log back in. None. I had that as well and still got locked out. I emailed Google support, but they were about as useless as teeth on a chicken. I don't bother with that two factor authentication anymore. I just doubled my password complexity.

I'm assuming everyone reading this has also stopped the foolish practice of saving all of their priceless data on one mobile device?..

There are several lessons to be learned here. Far more prevalent than a hacker group singling me out is that people invariably save data either on a machine or in a location that's not backed up and not secure. So please stop and think for a moment- if your computer just had coffee spilled on it, what would you lose? Plug that gap and also stop drinking so close to your computer! :)

Disposable credit cards...disposable credit cards...disposable credit cards. It doesn't matter if you like the few banks who use them (I use Bank of America)...they will save your tail. For every purpose you get a new credit card number with an amount and expiration date of "your choice" and you can delete them whenever you want (usually right after the purchase clears your account).

If you have trouble accessing the application specific passwords page, from a Windows PC running Google Chrome:
1. Log into Gmail
2. Click the Cog in the top right
3. Settings
4. Accounts and Import
5. Bottom Right - Manage Security
6. Bottom Paragraph - Connected applications and sites
7. Click Manage Access
8. You will find the page where you can configure passwords for Connected Apps as pictured in Step 3

Can anyone tell me how to turn off the 2 step verification program? It is driving me crazy. It is a long story but at work I have you long on to my Gmail account and I use different computers at work & have to do the 2 step several times a day...grrr! Thanks for your help in advance.